CVE-2011-2487
- EPSS 0.14%
- Published 11.03.2020 16:15:11
- Last modified 21.11.2024 01:28:23
The implementations of the PKCS#1 v1.5 key transport mechanism for XMLEncryption in JBossWS and Apache WSS4J before 1.6.5 are susceptible to a Bleichenbacher attack.
CVE-2014-0248
- EPSS 2.35%
- Published 07.07.2014 14:55:03
- Last modified 12.04.2025 10:46:40
org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework Kit 2.5.0, JBoss Enterprise Application Platform (JBEAP) 5.2.0, and JBoss Enterprise Web Platform (JBEWP) 5.2.0 allows remote attackers to execute arbitrary code via a crafted aut...
CVE-2014-0224
- EPSS 92.69%
- Published 05.06.2014 21:55:07
- Last modified 12.04.2025 10:46:40
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL...
- EPSS 1.5%
- Published 10.02.2014 23:55:04
- Last modified 11.04.2025 00:51:21
JBoss Web, as used in Red Hat JBoss Communications Platform before 5.1.3, Enterprise Web Platform before 5.1.2, Enterprise Application Platform before 5.1.2, and other products, allows remote attackers to cause a denial of service (infinite loop) via...
- EPSS 1.27%
- Published 01.10.2013 17:55:03
- Last modified 11.04.2025 00:51:21
The org.jboss.remoting.transport.socket.ServerThread class in Red Hat JBoss Remoting for Red Hat JBoss SOA Platform 5.3.1 GA, Web Platform 5.2.0, Enterprise Application Platform 5.2.0, and other products allows remote attackers to cause a denial of s...
CVE-2012-5575
- EPSS 12.29%
- Published 19.08.2013 23:55:08
- Last modified 11.04.2025 00:51:21
Apache CXF 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x before CXF 2.7.4 does not verify that a specified cryptographic algorithm is allowed by the WS-SecurityPolicy AlgorithmSuite definition before decrypting, which allows remote attackers...
- EPSS 1.37%
- Published 29.07.2013 13:59:54
- Last modified 11.04.2025 00:51:21
wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communicat...
CVE-2013-2165
- EPSS 25.71%
- Published 23.07.2013 11:03:11
- Last modified 11.04.2025 00:51:21
ResourceBuilderImpl.java in the RichFaces 3.x through 5.x implementation in Red Hat JBoss Web Framework Kit before 2.3.0, Red Hat JBoss Web Platform through 5.2.0, Red Hat JBoss Enterprise Application Platform through 4.3.0 CP10 and 5.x through 5.2.0...
CVE-2012-5629
- EPSS 0.79%
- Published 12.03.2013 23:55:01
- Last modified 11.04.2025 00:51:21
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) 5.2.0 allow remote attackers to bypass authenticati...
CVE-2012-5478
- EPSS 0.52%
- Published 05.02.2013 23:55:01
- Last modified 11.04.2025 00:51:21
The AuthorizationInterceptor in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 does not properly restrict access, which allows remote authenticated ...